I’ve seen a lot of threads here about self-hosting DNS from people that host their own services, but nothing beginner-friendly on hosting your own DNS server just for privacy. It seems to me that your biggest privacy risk as a consumer is your ISP snooping on your DNS requests, and replacing your ISP with another mega-corp doesn’t seem like much of an improvement. Does anyone know of an easy way to spin up your own secure DNS server? Something like a DigitalOcean droplet that’s idiot-proof, fire-and-forget, and not too expensive?
Edit: mirroring is fine, but just running a proxy doesn’t seem much better to me since you’re still creating a paper trail for all of your browsing back to a server you’re renting, but I’d be happy if someone could explain why I’m wrong about that.
Coincidentally, that's my setup rn. I host my domain's DNS myself using Technitium. Then I further AXFR the ICANN root zone and set up DNS over TLS. The DNS over TLS queries the local ICANN root zone copy I got. It's also blocking ads and tracker crap. Basically self-reliant DNS.
Can be done with bind9 too, but I prefer the Technitium GUI to the bind9 CLI.
Adguard Home or pihole for starters.
Or run unbound and go straight to authoritative DNS servers.
Unbound is pretty easy if you have experience with editing config files.
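
An added example, not part of any post in this thread: a minimal `unbound.conf` for the setup the replies describe, a validating recursive resolver that queries authoritative servers directly and keeps a local copy of the root zone. The file paths and the `192.168.1.x` LAN addresses are assumptions; the root server addresses are the published ones for c, d, f and k.

```conf
# unbound.conf: constructed example; paths and LAN addresses are assumptions.
server:
    # Listen on loopback and one LAN address only, never on a public interface.
    interface: 127.0.0.1
    interface: 192.168.1.2
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Validate DNSSEC using the root trust anchor kept current by unbound-anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-below-nxdomain: yes

    # Send each authoritative server only the labels it needs to answer.
    qname-minimisation: yes
    # Answer nonexistent names from cached, validated NSEC records
    # instead of sending another query upstream.
    aggressive-nsec: yes

    # Do not reveal the resolver's hostname or version to clients.
    hide-identity: yes
    hide-version: yes
    prefetch: yes

# Local copy of the root zone, fetched by zone transfer (AXFR), so lookups
# for top-level domains are answered locally rather than sent to a root server.
auth-zone:
    name: "."
    primary: 192.33.4.12     # c.root-servers.net
    primary: 199.7.91.13     # d.root-servers.net
    primary: 192.5.5.241     # f.root-servers.net
    primary: 193.0.14.129    # k.root-servers.net
    # Fall back to normal recursion if the local copy is missing or expired.
    fallback-enabled: yes
    # Use the zone for the resolver's own lookups, not to serve it to clients.
    for-downstream: no
    for-upstream: yes
    zonefile: "/var/lib/unbound/root.zone"
```

Run `unbound-checkconf` on the file before restarting the service. Queries from the resolver to authoritative servers still travel unencrypted, so whoever carries the resolver's traffic can observe them.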